| 제목 | CampCodes School Management Software 1 Cross Site Scripting |
|---|
| 설명 | Cross-Site Scripting (XSS) vulnerability exists in "ID Card Title" form field of "/create-id-card" page. The payload gets executed and rendered on entering it in the "ID Card Title" form field dynamically. We can enter any javascript or html payload to get it executed in the application, we can even use document.cookie to steal the session cookie.
Cross-Site Scripting (XSS) vulnerabilities can pose significant risks to organizations by enabling attackers to exploit vulnerabilities in web applications. These risks span security, business operations, and customer trust.
Payload:
<img src=x onerror=alert(1)>
<img src=x onerror=alert(document.cookie)> |
|---|
| 원천 | ⚠️ https://github.com/KhukuriRimal/Vulnerabilities/blob/main/CampCodes%20-%20School%20Management%20Software%20-%20Cross%20Site%20Scripting.pdf |
|---|
| 사용자 | khukuririmal (UID 80171) |
|---|
| 제출 | 2025. 01. 13. PM 06:48 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 01. 17. PM 09:49 (4 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 292493 [Campcodes School Management Software 1.0 Create Id Card Page /create-id-card ID Card Title 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|